DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r1

Updated: 6/10/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.3

Estimated Item Count: 44

Audit Items

Description | Categories
DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r1.audit from DISA VMware vSphere 6.7 VAMI-lighttpd v1r1 STIG
VCLD-67-000001 - VAMI must limit the number of simultaneous requests.
VCLD-67-000002 - VAMI must be configured with FIPS 140-2 compliant ciphers for HTTPS connections.
VCLD-67-000003 - VAMI must use cryptography to protect the integrity of remote sessions.
VCLD-67-000004 - VAMI must be configured to monitor remote access.
VCLD-67-000005 - VAMI must generate log records for system startup and shutdown.
VCLD-67-000006 - VAMI must produce log records containing sufficient information to establish what type of events occurred.
VCLD-67-000011 - VAMI log files must only be accessible by privileged users - access.log
VCLD-67-000011 - VAMI log files must only be accessible by privileged users - error.log
VCLD-67-000014 - Rsyslog must be configured to monitor VAMI logs.
VCLD-67-000015 - VAMI server binaries and libraries must be verified for their integrity.
VCLD-67-000016 - VAMI must only load allowed server modules - mod_access
VCLD-67-000016 - VAMI must only load allowed server modules - mod_accesslog
VCLD-67-000016 - VAMI must only load allowed server modules - mod_cgi
VCLD-67-000016 - VAMI must only load allowed server modules - mod_magnet
VCLD-67-000016 - VAMI must only load allowed server modules - mod_proxy
VCLD-67-000016 - VAMI must only load allowed server modules - mod_rewrite
VCLD-67-000016 - VAMI must only load allowed server modules - mod_setenv
VCLD-67-000017 - VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke OS shell programs disabled.
VCLD-67-000018 - VAMI must explicitly disable Multipurpose Internet Mail Extensions (MIME) mime mappings based on 'Content-Type' - Content-Type.
VCLD-67-000019 - VAMI must remove all mappings to unused scripts - cgi
VCLD-67-000019 - VAMI must remove all mappings to unused scripts - erb
VCLD-67-000019 - VAMI must remove all mappings to unused scripts - pl
VCLD-67-000019 - VAMI must remove all mappings to unused scripts - py
VCLD-67-000019 - VAMI must remove all mappings to unused scripts - rb
VCLD-67-000020 - VAMI must have resource mappings set to disable the serving of certain file types.
VCLD-67-000021 - VAMI must not have the Web Distributed Authoring (WebDAV) servlet installed.
VCLD-67-000022 - VAMI must prevent hosted applications from exhausting system resources.
VCLD-67-000023 - VAMI must not have any symbolic links in the web content directory tree.
VCLD-67-000025 - VAMI must protect the keystore from unauthorized access.
VCLD-67-000026 - VAMI must restrict access to the web root.
VCLD-67-000027 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks.
VCLD-67-000028 - VAMI must set the encoding for all text mime types to UTF-8.
VCLD-67-000029 - VAMI must disable directory browsing.
VCLD-67-000030 - VAMI must not be configured to use 'mod_status' - mod_status.
VCLD-67-000031 - VAMI must have debug logging disabled.
VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - etc
VCLD-67-000032 - VAMI configuration files must be protected from unauthorized access - opt
VCLD-67-000033 - VAMI must be protected from being stopped by a non-privileged user.
VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv2
VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - sslv3
VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv10
VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv11
VCLD-67-000034 - VAMI must implement TLS1.2 exclusively - tlsv12